All thank you in advanced for the help!
I have configured numerous systems now but recently ran into ADFS (as the IdP). I am receiving the “No {username} found in response” error message and can’t seem to pinpoint why that may be occurring. I initially thought it was because of signing/encryption but that doesn’t seem to be the issue (I turned them for testing purposes).
I then grabbed the response and started to analyze it (trimmed below) and noticed that the XML did not have the “saml:” prefix so for example:
test@test.com
The other XML elements in there do not have it either outside of it being in the “samlp:Response” - but not sure if that is the reason - thoughts? I guess the TLDR would be does every element need to be prefixed with “saml:”?
Again thank you in advance!
The XML prefix isn’t important. It’s just a way to indicate the XML namespace under which an element or attribute is declared. If it’s not present, it means the default namespace declaration applies.
There are no issues with receiving SAML responses from ADFS.
Are you expecting a SAML Name ID or a SAML attribute with the name “username”?
If it’s missing, either a claim rule hasn’t been configured for your relying party in ADFS to include this in the SAML assertion or there’s no corresponding Active Directory attribute for the user.
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
We can then take a look to see exactly what’s being returned in the SAML assertion by ADFS.
There are no issues with receiving SAML responses from ADFS.
Are you expecting a SAML Name ID or a SAML attribute with the name "username"?
If it's missing, either a claim rule hasn't been configured for your relying party in ADFS to include this in the SAML assertion or there's no corresponding Active Directory attribute for the user.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
We can then take a look to see exactly what's being returned in the SAML assertion by ADFS.
Thank you - I followed up with an email to the support address. Looking forward to your response.
Received, thanks.
The SAML response doesn’t include a SAML Subject Name ID. It contains one SAML attribute named “username”.
I’m not sure where the “No {username} found in response” is originating.
Not having a Name ID is valid although not typical.
If your application requires a Name ID (ie the userName output parameter to SAMLServiceProvider.ReceiveSSO), you should create a claim rule in ADFS for your relying party that maps something like the UPN to Name ID.
Please refer to our ADFS Relying Party Integration Guide for information on creating claim rules in ADFS.